Signal Says It Will Exit India Rather Than Compromise Its Encryption
from the principles-matter dept
Signal ensures its users’ security and privacy by encrypting their messages and refusing to collect a bunch of data governments or malicious hackers might find useful or interesting. That hasn’t made it many friends in governments (except with government officials who utilize the service to dodge public records requests).
An FBI official once compared Signal creator Moxie Marlinspike to a KKK member, which gives you some idea how entities, whose demands for data have been thwarted by Signal’s refusal to collect/store this data, feel about the ultra-secure messaging platform.
The government of India is one of several that take a dim view of encryption, feeling it does little more than allow criminals to avoid detection and otherwise threaten the security of the nation and the safety of the public. The Indian government is wrong, but that hasn’t stopped it from trying to mandate backdoors or just flat-out ban encrypted communications.
One route the Indian government has taken to justify its attempts to undermine encryption is the fight against online disinformation and abusive communications. A law put into place mandates encrypted services collect and retain metadata about encrypted communications, something some services — like WhatsApp — don’t currently do. That move resulted in WhatsApp suing the Indian government over the 2021 law, claiming the mandate — which would require WhatsApp to collect and retain all message metadata in perpetuity (since it obviously can’t know in advance what information the government will come looking for) — violates India’s own privacy laws.
The Indian government has now gone even further. Proposed legislation would give the government the power to intercept encrypted messages. Obviously, interception is useless against end-to-end encryption, so this new power would either require companies to provide assistance in decrypting and/or intercepting messages or it would require companies falling under the mandate to unplug at least one end of the end-to-end encryption so the government can listen in.
Signal is making it clear it won’t comply with mandates that require it to compromise its encryption, which means the Indian government’s pending threat to undermine its citizens’ security will remain only theoretical if it moves forward with this legislation.
In a wide-ranging interview with Nilay Patel for The Verge, Signal president Meredith Whittaker made it clear the company will exit India (and give up access to a market with more than a billion potential users) if the Indian government heads in the direction of backdoors or compelled decryption.
If India passes a law or deems Signal to not be in compliance with whatever encryption regulation, will you walk?
I mean, if the choice is breaking Signal or walking… A lot of times, these policies, strategies, and discussions are not a Boolean. It’s not a cut-and-dry engineering decision — these are very muddy. Frankly, these are not things that are usually best to go into detail on publicly. You have to think about a lot of different political and social dynamics all at once and make up-to-the-minute choices based on dynamic situations. That is a very broad answer.
I think we are going to be keeping our eye on it. We are going to be doing everything we can to remain available to as many people as possible without breaking Signal.
It’s a broad answer to a specific question. If a government in the world says, “In order to operate in our country, we want the keys to your encryption,” would you just walk?
Yes, we would walk. We will not hand over the keys to our encryption, we will not break the encryption. In fact, with the way we are built, we don’t have access to those keys.
There will be no calling of Signal’s bluff because… well, it’s not a bluff. First off, it doesn’t collect or retain the metadata demanded by the law passed last year. And it doesn’t have the encryption keys the Indian government now seems intent on obtaining from encrypted communication services.
Signal can’t be pushed around because it’s a non-profit that doesn’t need to answer to shareholders or execs who expect to see constant growth. And there’s no magical in-between area where the Indian government and Signal can find common ground. Some things are a bit Boolean, as Whittaker states above, but some things are simply binary.
More from the president of Signal:
We are not going to compromise. That would imply that we are in a negotiating stance. Again, I have been in tech almost 20 years, so I have seen this sort of magical thinking recur. It’s this desire, particularly by state actors, to break encryption for their purposes, without understanding that that breaks it fundamentally across the board. This may sound a little bit dated, but there is no compromising with math.
If encryption is broken, it is broken. If Signal doesn’t keep its privacy promises, then there is no real point for us to exist as a nonprofit whose sole mission is to provide a safe, private, pleasant place for messaging and communication in a world where those are vanishingly few and far between.
That’s the entirety of Signal’s mission statement. Either Signal provides what it tells users it provides or it doesn’t. And Signal is unwilling to become a service that claims to offer secure communications but only if users reside in certain countries or allow Signal to hold their encryption keys or whatever.
It’s not often you see this sort of principled stand taken by communication service providers. And it’s refreshing to hear that no matter what compromises its competitors make to retain users, Signal won’t start valuing things like market growth over its promises to users.
Filed Under: encrypted messaging, encryption, india, signal
Companies: signal
Comments on “Signal Says It Will Exit India Rather Than Compromise Its Encryption”
Who's going to tell Modi that its easier than this?
All they’ve got to do is get an app installed that will run on devices and collect the data for them.
And they’ll be leaving the UK next.
“Some things are a bit Boolean, as Whittaker states above, but some things are simply binary.” Uh… first, he said it’s NOT Boolean. Second, Boolean is true/false logic. This statement makes no sense.
Re:
I agree, it’s a bit of a head-scratcher.
Although (incoming rambling), boolean and binary aren’t actually the same thing but they can often be used interchangeable depending on context. Booleans represent a logical state where something is true or false while binary represent two different values.
Compare these 2 statements:
* You come to a fork in the road, do you intend to go left?
* You come to a fork in the road, do you go left or right?
The first has a boolean answer (yes/no -> true/false), but it doesn’t give any information of your intentions if you answer no – did you turn back, did you go right or perhaps you couldn’t decide. The second has a binary answer, either you went left or you went right which can’t be represented as a boolean value for that context.
Re: Re:
They’re both binary. Only the first is boolean. All booleans are binary. Not all binaries are booleans.
Re:
Also, Meredith Whittaker is a she.
When you ditch your only selling point what do you have left?
When you think about it doesn’t seem to be as hard a choice as it might seem at first even setting aside principles.
Sure losing a potential user-base of a billion plus is a huge hit but a secure communication service that ditches the ‘secure’ part of that might as well shut down at that point since the precedent will have been set that that privacy and security will last only until enough pressure is applied and with that precedent set it will be, time and time again by governments across the globe.
Better to lose a billion possible users than lose all of them.
If this is true, it’s refreshing to hear that some people/companies refuse to bend over for the government, or for the money. That being said, how does this company make a profit? Forgive my ignorance; I just heard about Signal for the 1st time last week.
Re:
Signal is run by the Signal Technology Foundation, a nonprofit organization. They are primarily funded by donations.
Yeah, about that...
I would be far more impressed with Signal’s “hardline privacy stance” if it didn’t require you to give it your phone number; but it does, so I have no use for it.
Re:
Which is an obvious thing for governments to use in a claim of jurisdiction. It’s hard to claim you’re not intentionally servicing India if you’ve verified hundreds of thousands of phone numbers starting with +91. Whereas if they didn’t require phone numbers and they geo-blocked Indian IP addresses, even if people in India could easily get around that, it’d be hard to say that’s Signal’s fault.
I’m quite sad that Signal adoption is basically non-existent here. I was using it for all my messaging needs other than Whatsapp but they now even cut SMS support. I wish ppl would move to a better, safer alternative…
This comment has been flagged by the community. Click here to show it.
latest cricket news
Lotus News 247 is a ‘One-of-a-kind’ platform that offers live stats Update, match prediction, and Latest cricket news for all cricket enthusiasts. At Lotus News 247, From our professional news sources, you may find cricket predictions Series, advice, live sessions, and Match reviews. https://lotusnews247.com/